Source for file QueryFilterAuthzEngine.php
* @copyright Copyright 2005-2010 RedIRIS, http://www.rediris.es/
* This file is part of phpPoA2.
* phpPoA2 is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* phpPoA2 is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with phpPoA2. If not, see <http://www.gnu.org/licenses/>.
* @license http://www.gnu.org/licenses/gpl.html GNU General Public License
* @author Jaime Perez <jaime.perez@rediris.es>
* This hook is executed right after retrieving the current URI, the params (both GET and POST) and
* the arrays of allowed and denied patterns that will be checked immediately.
* It can be used to alter parameters and the URL, and also to configure the filters at runtime.
* The hook receives the URI string, an array of parameters, the allowed and the denied patterns.
* Functions for this hook must be defined like this:
* function queryBeforeFilterHook(&$uri, &$params, &$allowed, &$denied);
* Please bear in mind that hooks must return TRUE or they'll keep other hooks from executing.
// Identifier of the hook that runs before the allowed/denied patterns are checked.
define('QUERY_BEFORE_FILTERS', 'QUERY_BEFORE_FILTERS');
* Authorization engine that works by checking the query string of the request.
* PLEASE NOTE THAT THIS ENGINE SILENTLY IGNORES BOTH USER AND ATTRIBUTES.
* PLEASE NOTE THAT THIS ENGINE WORKS ONLY FOR WEB-BASED APPLICATIONS.
* @subpackage QueryFilterAuthorizationEngine
* PLEASE NOTE THAT THIS ENGINE SILENTLY IGNORES BOTH USER AND ATTRIBUTES.
// NOTE(review): the enclosing method header and several statements are not part of this
// listing; the comments below describe only the lines that are shown.
// Request input to be filtered: the query parameters plus the "&REQUEST_URI" entry.
$params = $this->getQueryParams();
// Configured fallback decision; it is used below as a boolean to order the checks.
$default = $this->cfg->getDefaultBehaviour();
$allowed = $this->cfg->getAllowedPatterns();
$denied = $this->cfg->getDeniedPatterns();
// run hook before checking patterns
// NOTE(review): the hook documentation lists four by-reference arguments (uri, params,
// allowed, denied) but only three values are packed here. Confirm how the URI reaches the
// hook and whether changes made by a hook are visible in $params/$allowed/$denied before
// the matching below.
$args = array($params, $allowed, $denied);
// Both pattern lists are evaluated up front; matches() reports the matched parameter name(s).
$allowed_match = $this->matches($params, $allowed);
$denied_match = $this->matches($params, $denied);
// check matches giving priority to the default setting
// The list that agrees with the default is examined first.
// NOTE(review): presumably the first list with a match decides the outcome; with a
// permissive default an allow pattern would then outrank a deny pattern for a request that
// matches both. Confirm against the branch bodies, which are not shown.
$order = array($default, !$default);
foreach ($order as $option) {
if ($option) { // check allowed parameters
} else { // check denied parameters
// NOTE(review): this line appears to belong to a different method whose header is not shown.
$list = $this->cfg->getAllowedPatterns();
public function authorize($user, $attrs, $ref, $expires = 0) {
public function revoke($mail) {
* Get all the input received for the current request.
* @return data An array containing all parameters received as input.
// Builds the parameter map that the allowed/denied patterns are matched against.
// NOTE(review): several statements of this method are not part of this listing.
private function getQueryParams() {
// SERVER_NAME can reflect the client-supplied Host header depending on web server
// configuration, and REQUEST_URI is the raw, still percent-encoded request target.
$uri = $_SERVER['SERVER_NAME']. $_SERVER['REQUEST_URI'];
// QUERY_STRING is raw as well: no URL-decoding is visible here, so patterns are compared
// against the encoded form unless decoding happens in lines not shown. TODO confirm.
$data = explode("&", $_SERVER['QUERY_STRING']);
// NOTE(review): the handling of POST input is not visible in this listing.
if ($_SERVER['REQUEST_METHOD'] === "POST") {
// convert to associative array
// Reserved key holding the full URI; a key taken from QUERY_STRING cannot contain "&"
// because the string was split on that character above.
$result['&REQUEST_URI'] = $uri;
foreach ($data as $item) {
// explode() is called without a limit: for "a=b=c" only "a" and "b" are assigned and the
// rest is dropped, and an item without "=" leaves $value unset. The filter may therefore
// evaluate a different value than the one the application later reads for that parameter.
list ($key, $value) = explode("=", $item);
* Returns the parameter (or parameters) that matched a list of patterns.
* @param params An array of parameters to check.
* @param patterns An array of patterns to be matched with.
* @return The names of the parameters matched, comma separated if more than one.
// Walks every entry of $patterns and tests the request parameters against it.
// NOTE(review): the pattern-matching call, the assignment of $pats and the return
// statements are not part of this listing. Confirm which matching function is used and
// whether the configured patterns are anchored.
private function matches($params, $patterns) {
foreach ($patterns as $key => $value) {
// Entry given as a name => pattern map: each named parameter is looked up in $params.
foreach ($value as $name => $pattern) {
// NOTE(review): a missing parameter skips the entry, so presumably every named parameter
// has to be present and match for the entry to count. Confirm.
if (!isset ($params[$name])) { // parameter not set, skip this option
// convert parameter to array for easy handling
$param = array($params[$name]);
// convert pattern to array for easy handling
// check if any of the possible values match
$some_val_matches = false;
foreach ($param as $item) {
foreach ($pats as $pat) {
// parameter matches, continue
$some_val_matches = true;
// One matching value is enough for this parameter; the outer loop stops once the flag is set.
if ($some_val_matches) break;
if (!$some_val_matches) {
} else { // match just one parameter
// The entry is tested against the "&REQUEST_URI" value, which getQueryParams() builds
// from SERVER_NAME and the raw REQUEST_URI.
$key = "&REQUEST_URI"; // try to match the complete URI
if (!isset ($params[$key])) // parameter not set, skip this option
// convert parameter to array for easy handling
$param = array($params[$key]);
// convert pattern to array for easy handling
// check if any of the possible values match
foreach ($param as $item) {
foreach ($pats as $pattern) {
// parameter matches, stop searching